Re: Very old problem: NYB
- From: Zvi Netiv <support@xxxxxxxxxxxxxxxxxxxxxxx>
- Date: Tue, 18 Oct 2005 13:29:16 +0200
"news.rcn.com" <news.rnc.com> wrote:
> I have a problem I don't appear to be able to cure and it doesn't seem to
> have surfaced for some years: I have managed to catch NYB and it seems to
> have spread to two computers I have and (I don't see how but) it is
> preventing one computer from booting off the floppy to remove it. I checked
> the floppies on an uninfected box with NAV corporate, THEY don't have the
> virus
You probably have no real problem, only an apparent one, since NYB can't be
active under XP. Moreover, your computer wouldn't boot to XP with the code of
NYB in the boot disk MBR. The computer would hang with a blue screen, before it
can load the system (a basic driver will fail to load).
> I have Windows XP so I can't make a simple boot disc to do a simple Fdisk
> /mbr to get rid of it. (I have tried creating that XP boot disc with NTLDR
> on it and the other four or five files and for some reason it doesn't work
> ANYWAY I don't see how I can do a FDISK with it??)
What you are referring to is the XP (NT) emergency boot disk. It's the wrong
tool to handle MBR and boot sector problems (since it won't allow direct disk
access). Besides, you don't need a boot disk at all to resolve the
"problem".
> Does anyone know how I can either make an emergency boot set from another
> uninfected computer with Norton AV Corporate Edition on it OR make an
> emergency set with this computer which is infected?
You are dangerously improvising, and are about to damage access to your drive if
you don't stop hyperventilating.
> Will it make a
> replacement boot sector with the infection on it or can I make a boot set
> which will let me do a simple FDisk /mbr (or otherwise get rid of the virus)
> to correct the boot sector on this infected box whatever the MBR's condition
> at the time I make the emergency set?
NEVER build an emergency boot disk for one PC on another one. You risk
transplanting the wrong configuration sectors (MBR, boot sector) from one hard
disk to the other and losing access to your data / drive!
> Kaspersky's emergency download
> doesn't seem to fix it (though suspiciously it DOES report some apparently
> false positive Trojans which I don't SEEM to have, such as
> Trojan-Downloader.Win32.Agent.un and Trojan-Dropper.Win32.Mudrop.k which
> are described as: "Currently there is no description available for this
> program").
For your own good, stop that hyperactivity. All you have is a false alarm.
> Also curiously, Kaspersky reported my having NYB yesterday on this
> computer, - its scanner told me it cannot fix NYB, - but NAV did a full
> scan today and didn't report it! Is it possible that NAV is missing this
> obvious boot sector virus while it is saying it is checking the boot sector?
Both products give false alarms. This problem has been discussed at length on
virus forums. Read the thread starting with
http://groups.google.com/group/alt.comp.virus/msg/ddeff668475e993b if curious
about it.
> Or did Kaspersky really remove the NYB while it was removing those two
> apparently false positive Trojans? Or is Kaspersky
> reporting a false positive on NYB? (I can't figure out how to run a chkdsk on
> XP to show available memory)
"Missing memory" was never reliable to test the presence of an active boot
infector. Besides, it belongs to the days of plain DOS. As stated
at the top, if XP boots off the hard drive then there is absolutely no
possibility that there is NYB on your drive, neither active, nor even dormant.
To be absolutely sure of my assertion, I just installed NYB on my XP test
machine and retested its behavior.
BTW, FIXMBR *is* effective in overwriting NYB in the MBR, in case you had it
(which you obviously don't). For what it's worth, antivirus products do exactly
the same, with two differences: They may kill access to the drive in case they
misidentify the virus (which they quite often do!), and the bells and whistles.
;-)
Regards, Zvi
--
NetZ Computing Ltd. ISRAEL www.invircible.com www.ivi.co.il (Hebrew)
InVircible Virus Defense Solutions, ResQ and Data Recovery Utilities
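
An added example, not part of the original post: the reply warns that putting another PC's MBR on a disk can cost access to the data. This sketch uses the standard 512-byte MBR layout (446 bytes of boot code, a 64-byte partition table, the 55 AA signature) to compare replacing the whole sector with rewriting only the boot code. The two disk images, partition values and function names are constructed for illustration.

```python
import struct

BOOT_CODE_LEN = 446       # bytes 0..445: boot code, the part a boot infector replaces
PTABLE_LEN = 64           # bytes 446..509: four 16-byte partition entries
SIGNATURE = b"\x55\xaa"   # bytes 510..511
ENTRY = "<B3sB3sII"       # status, CHS start, type, CHS end, start LBA, sector count

def make_mbr(boot_fill, parts):
    """Build a constructed MBR; parts is a list of (type, start_lba, sectors)."""
    table = b"".join(
        struct.pack(ENTRY, 0, b"\0\0\0", ptype, b"\0\0\0", start, count)
        for ptype, start, count in parts
    ).ljust(PTABLE_LEN, b"\0")
    return bytes([boot_fill]) * BOOT_CODE_LEN + table + SIGNATURE

def partitions(mbr):
    """Return the non-empty partition entries as (type, start_lba, sectors)."""
    if len(mbr) != 512 or mbr[510:] != SIGNATURE:
        raise ValueError("not a valid MBR sector")
    found = []
    for i in range(4):
        off = BOOT_CODE_LEN + 16 * i
        _, _, ptype, _, start, count = struct.unpack(ENTRY, mbr[off:off + 16])
        if ptype != 0:
            found.append((ptype, start, count))
    return found

def transplant_whole_sector(target, donor):
    """Restoring a sector saved on another PC: all 512 bytes are replaced."""
    return donor

def rewrite_boot_code_only(target, clean):
    """Replace only the boot code and keep the target's own partition table."""
    return clean[:BOOT_CODE_LEN] + target[BOOT_CODE_LEN:]

# Constructed sample disks with different partition layouts.
DISK_A = make_mbr(0xAA, [(0x07, 63, 78_000_000)])
DISK_B = make_mbr(0xBB, [(0x0B, 63, 20_000_000), (0x07, 20_000_063, 40_000_000)])

if __name__ == "__main__":
    print("disk A layout:       ", partitions(DISK_A))
    print("after transplant:    ", partitions(transplant_whole_sector(DISK_A, DISK_B)))
    print("boot-code-only write:", partitions(rewrite_boot_code_only(DISK_A, DISK_B)))
```

After the whole-sector transplant, disk A carries disk B's partition table, so the partitions it describes no longer match what is on disk A; the boot-code-only rewrite leaves disk A's table unchanged.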